REMARKS

This is in response to the Office Action of February 15, 2005. By this Amendment, independent claims 
25, 38, 54, and 69 have been amended, as well as several dependent claims. Thus, claims 25-32, 34, 37-45, 
47, 49, 54, 59, 69-71, 73-75, and 85-89 are pending. Claims 25, 38, 54, and 69 are the only independent 
claims. 

Filed separately herewith is a Petition for a three-month extension of time, along with payment 
authorization. Should the payment amount be deficient, the PTO is authorized to credit or debit the 
undersigned attorney's Deposit Account No. 06-1358. 

In the last Office Action, the Examiner rejected claims 25-27, 31, 34, 37-40, 44, 47, 49, 59, 69-71, 74, 
and 85-87, as obvious over the Boyle '209 patent, in view of the newly cited patent to Chiniwala et al. U.S. 
Patent No. 6,175,622. This basic combination was also used in further combination with the Holden patent to 
reject claims 28-30, 41-43, 54, 73, 75, 88, and 89. The same combination of Boyle in view of Chiniwala was 
also used with the Stallings reference to reject claims 32 and 45. Thus, if the basic combination of Boyle in 
view of Chiniwala cannot be made, then all of the pending claims should be allowed over the prior art. It is this 
basic combination of references that will be discussed. 

As previously emphasized during the prosecution of this application, the Boyle patent has several 
distinctions over the present invention. The principal distinction that has been emphasized is that Boyle 
requires a security manager to set or select the operation and configuration of the interface units. This is in 
contrast to the present invention, which enables a user to select one of a plurality of user profiles out of a group 
of user profiles that was authorized or set by the security officer, and the network security controller then 
downloads or sends to the security system or device associated with host computers the user profile that was 
selected by the user. In Boyle, no mechanism is provided for enabling the user to select one of a plurality of 
user profiles that have been preauthorized for the user. It should also be emphasized that in the present 
invention, the security system is cleared and remains cleared unless and until a user selects a specific user 
profile out of a plurality of user profiles that have been authorized for the user. This user selectability provides 
for a dynamic system that is distinct from that of the Boyle patent. 

The Examiner acknowledges that Boyle does not disclose that the network security controller 
generates a plurality of user profiles for a single user where a single user selects a profile from the plurality of 
user profiles to access the restricted designations. In the present invention, a user who wants access to the 
network has a single user identifier, such as a card, password, etc., and once access to the system is 
authorized, that user identifier is provided with a plurality of user profiles. When a user inputs the user's 
identifier, the network security controller will generate a plurality of user profiles for that single user identifier. 

The Chiniwala patent does not supply the missing ingredients, nor would one look to the Chiniwala 
patent to provide such missing features in Boyle. The Chiniwala patent is basically intended to enable a 
subscriber on a private network to use a cellular telephone. That is, Chiniwala is directed to the features of 
extending a private network to other extensions, including wireless and/or cellular telephones (see column 1, 
lines 38-41). Chiniwala does discuss the CUG or closed user group restriction feature in column 11, which 
provides for a dialing plan that is unrelated and different from the data network definition of a virtual private 
network where encrypted tunnels are used to privatize the distribution of data, such as that disclosed in the 
present application. The Chiniwala patent essentially describes a method that dialed calls are directed to a 
service switch point to see if they are in the closed user group (CUG) list before a call is made. The Chiniwala 
patent provides for the ability to have multiple stored dialing methods to connect up to four CUGs in a preset 
management scheme, which apparently is set up when the subscriber initially signs up, much like the 
subscriber of a wireless cell phone. That is, Chiniwala provides a management scheme for a preset dialing 
plan as part of a service offering. In contrast the present invention is not directed to a preset management 
scheme, but a dynamic management scheme where the security devices communicate with the network 
security controller to download the principal's operational profile and where the network security officer may 
empower each user to access a variety of hosts with different degrees of privilege. A person may be a 
principal at different devices with different profiles and the security officer adds information for each of the 
security devices to a database located at the network security controller. 

In summary, the present invention establishes an access control data stream that is not preset, i.e., it is 
dynamically loaded at session initiation, in contrast to the Chiniwala patent where it is at a service initiation. 
The different profiles of the present invention may change during a subsequent session initiation based on 
privilege changes issued onto the network security controller database. It would not be obvious to go from a 
preset scheme as shown in Chiniwala to the dynamic scheme of the present invention, nor would the telephone 
application be obvious to convert to the database system of the present invention. 

The present invention is not directed to the concept of switchable (based on a PIN) dialing plans within 
a telephone system, but a concept of a data network with multiple access controls based on a user identifier 
that can connect to multiple encrypted tunnels. The tunnels are based on location (host identifier), IP address 
and/or TCP port and also includes labels. Labels establish the security sensitivity level and mark which user 
identifier can see what portion of the data stream. Thereby, this method discriminates what payload content is 
to be delivered to those locations that the access controls permit. There is no such comparable technology in 
Chiniwala in any of these areas and one of ordinary skill cannot go from the switchable dialing plans to that of 
the present invention. The Chiniwala patent provides a management scheme for a preset dialing plan as part 
of a service offering. The present invention does not claim a preset management scheme, but claims a unique 
dynamic management scheme. 

The present invention provides for a set of access controls (security profiles) related to labels on 
tagged headers and payload content. The Chiniwala concept is a dialing plan to a set of phone addresses. 
The present invention is a dynamic profile distributing method able to change by altering the access control 
database, in contrast to Chiniwala, which describes a preset static dialing plan. 

Finally, the present invention is in the field of security, not telephone services, as is Chiniwala. Access 
controls are related to security, but alternate phone numbers are not.

Therefore, it would not be obvious to combine Chiniwala with Boyle to reject any of the present claims. 

Thus, it is respectfully submitted that this application is in condition for allowance. Should the Examiner 
have any questions after reviewing the Amendment, the Examiner is cordially invited to telephone the 
undersigned attorneys. 



Respectfully submitted, 
JACOBSON HOLMAN PLLC 




400 Seventh Street N.W. 
Washington, D.C. 20004 
Telephone: (202) 638-6666 
Date: August 4, 2005 
MR&cIc 